[kwlug-disc] And so it begins...

Andrew Kohlsmith (mailing lists account) aklists at mixdown.ca
Thu Jul 30 00:06:31 EDT 2015


> On Jul 29, 2015, at 11:24 PM, Khalid Baheyeldin <kb at 2bits.com> wrote:
> As with airlines, where avionics and "other stuff" are separate, cars should have the ECU, power train and other essential features separate from other stuff (entertainment, climate, OnStar et al, …)

It’s not that easy. These systems need a (limited) ability to talk to each other, but with avionics it’s done over one-way links and the gateways are very strictly controlled. DO178 is no joke, and if you don’t play by the rules, your LRU doesn’t get certified.  With MISRA it seems that nobody really tests against it or rather that there is no real consequence to failing. I’m not even sure if MISRA stipulates anything about process regarding inter-bus communication (probably not).

> OBD-II comes to mind, but even that is causing problems in Europe where crooks have crafted contraptions that are able to duplicate keys.

OBD doesn’t help much with the keys. What people are finding is that you can play tricks on the OBD network because (surprise surprise) there is no security whatsoever involved. Replay attacks are the most common. The immobilizer circumvention has more to do with plain old crappy security than OBD.

-A.






More information about the kwlug-disc mailing list